Date:      Mon, 20 Dec 2010 12:11:37 -0800
From:      David Brodbeck <gull@gull.us>
To:        krad <kraduk@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: SEBSD is dead?
Message-ID:  <AANLkTikkd03To7=8TFbcr_Euo2CWh6nD1%2BhtL78aSeHQ@mail.gmail.com>
In-Reply-To: <AANLkTimGx6414RWXru10hr-09WGLcqMedZVAXsi%2BW0JF@mail.gmail.com>
References:  <4D0B4D1D.8010700@gmail.com> <AANLkTimYKW=xOrVivx5okwaWrm5AWb-Y8c2KsZbMAA%2B_@mail.gmail.com> <AANLkTiks9ze649-41X-MVryu_pHdy7uHQyvSzi8Yef_G@mail.gmail.com> <20101217152709.GE94554@gizmo.acns.msu.edu> <4D0B84F5.4010905@unsane.co.uk> <20101217160221.GB94970@gizmo.acns.msu.edu> <AANLkTi=U0t92qH1d7MEYD3DKCe9hN4KKmpffpw_o4dM4@mail.gmail.com> <AANLkTimGx6414RWXru10hr-09WGLcqMedZVAXsi%2BW0JF@mail.gmail.com>


On Sat, Dec 18, 2010 at 2:51 AM, krad <kraduk@gmail.com> wrote:
>
>
> On 17 December 2010 22:20, David Brodbeck <gull@gull.us> wrote:
>>
>> On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister <jerrymc@msu.edu> wrote:
>> > Anyway, SeLinux ain't 100% popular over there I noticed.
>> > Maybe it is just a matter of getting used to it.  I got
>> > tired of reading the posts on it, so haven't figured out
>> > if they were substantive or just whiney.
>>
>> The problem with SELinux is it becomes very difficult to configure
>> properly if you don't have a normal, out-of-the-box configuration.
>>
>> For example, I never did figure out how to keep it from blocking an
>> rsync backup.  I disabled it after that, because a system I can't back
>> up is pretty useless no matter how secure it is. :)
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe@freebsd.org"
>
>
> Not sure if it will work on all Linuxes, but this works fine for me on CentOS
> in enforcing mode:
>
>  setsebool -P rsync_disable_trans on

Yeah, I'd seen that fix, too.  As I recall it worked temporarily, then
stopped working again, and issuing the command again didn't help for
reasons that I couldn't figure out.

I also had problems with SELinux breaking execution of external
scripts by the SNMP server.

I've seen various HOWTOs about how to craft new rules to permit things
like this, but many of them seemed to be out of date or referred to
tools that don't ship with RedHat.  Documentation is thin and the rule
syntax is so cryptic it makes sendmail.cf look like LOGO.  It was
obviously intended to be a "no user serviceable parts inside" sort of
system, but that only works if your setup is completely standard.


